Reading:
U.S hotel malware may have compromised guests’ credit card data
Share:
data breach compensation for card skimming

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

U.S hotel malware may have compromised guests’ credit card data

A four-star hotel in the U.S. has discovered a data breach that may have compromised an undisclosed number of guests’ credit card information.

The Galt House Hotel, located in the state of Kentucky, discovered malicious software stealing information from a “payment card processing system” where credit card information is stored for payment purposes.

An internal investigation discovered the malware, and it’s believed that guests who used their credit cards to pay for visits between 21st December 2016 and 11th April 2017 may be affected.

Sensitive financial information taken

The hotel has not disclosed how many guests stayed with them or used their credit cards in the hotel during the three-and-a-half month period where the breach is thought to have happened. According to reports, the malicious software was programmed to infiltrate the payment card processing system and copy all the credit information it could find.

It’s suspected that the following information was stolen by the malware:

  • Full names
  • Bank account numbers
  • Credit card expiration dates
  • Verification codes

With this much information, credit card holders are potentially at a huge risk of unauthorised banking activity, financial fraud, and even being contacted by data criminals who impersonate service providers to obtain even more information or defraud victims of money.

Issue now resolved

The hotel has apparently “resolved the issue” and is taking steps to patch up and increase security measures.

Still, a data breach like this one cannot always be simply “resolved”. An organisation can identify the malware, remove it, and put in new and improved security, but the damage is done and it may be much harder to repair. The impact of a data breach can mean no tangible end – those whose data has been stolen could at any point fall victim to some sort of scam.

We may never know who has accessed the stolen information…

For this data breach, the credit card owners may never know just how many people have had access to their information; if they still have it; what they have done with it; and what they may do with it in the future.

As long as that information remains valid, the data owners may be at risk of unauthorised financial activity.

Even when the information is no longer valid – e.g. the credit card owner closes down their bank account – cybercriminals may contact the individual, pretending to be, perhaps, an internet provider. They may say that payments aren’t coming through and convince the individual to go through their new credit details to ensure they still get access to some form of service. The fraudsters can be quite convincing and may try several ways of trying to steal victims’ money.

Not the first breach of its kind

The Galt House Hotel’s data breach is reminiscent of InterContinental Hotels Group’s (IHG) own data breach earlier this year. Even though the IHG is a multinational corporation, the source of their data breach was also though malware on payment card systems.

Back in April 2016, the Trump Hotel Collection reportedly suffered a data breach twice in one year. Reports revealed that the point-of-sale systems were infected with malware.

Point-of-sale system vulnerabilities

This pattern is not a coincidence. Hotels, restaurants and retailers who use point-of-sale systems or other payment card systems need to recognise the vulnerabilities.

In a society where bank transactions are so easy and convenient, the machines and systems processing these payments cannot be simply installed and expected to provide adequate security as they are. Today, there are many ways the scammers can use to penetrate systems of all kinds. Cybersecurity needs to always be a priority.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon